Here's a translation of another interesting blog from my colleague Jorge Mieres at ESET Latin America (the original is in Spanish). Apologies in advance for any errors in interpreting and interpretation, and if you find the sub-headers flippant, that's my fault too.
Jorge told me about it (the blog, not my tendency to flippancy) several days ago, but unfortunately I've been beset by travel and deadlines and had no opportunity to work on it. However, while assembling some notes for a journalist in the UK this morning, I found myself referring to it as source material, and figured it was about time to share it here: not only for its insights into the Latin American crimeware scene, but even more so as a neat summary of the way in which global crimeware is distributed regionally.
While the crimeware industry is seen as having its origins in countries that are on the other side of the world from us in Latin America (Russia, Ukraine, China, etc.), criminal activities are not limited to Eastern Europe, and the general perception that this issue is not directly relevant to Latin America is completely wrong.
Indeed, the volume of security events generated through cyber-criminality is constantly increasing in the region, and Latin American cyber-criminal business models provide a popular template for models used elsewhere.
For more specific cases which illustrate this aspect in Argentina, Chile and Mexico, I recommend reading Crimeware in Latin America [http://blogs.eset-la.com/laboratorio/2010/06/15/cibercrimen-en-latinoamerica/].
Crimeware represents a major problem at the global level, to which nothing and no one is immune: home users are robbed of assets including their confidential information, while criminals target sensitive corporate information of any type.
While Eastern European countries often enjoy a weak legal framework in the field of computer security, affording offenders the opportunity to enjoy minimal risk of being discovered and consequently caught, Latin American legislation in this area is also weak and offers a similar criminal paradise.
Thus, it is possible to see "regionalized" figures for crimeware security incidents and trends by countries (or regions) that allow us to draw the outlines of a "criminal map".
Then… what of this side of the world?
The highest rate of spread of spam, a key security problem, is located in the US and South American countries. According to Spamhaus, the US is located at the head of the top 10 spam-emitting countries, with Argentina and Brazil representing South America in that table.
Brazil is well known for banking attacks. Despite its lower placing as regards the spread of spam, Brazil is also characterized as the source of development of Trojans designed to steal financial and banking information, generally identified by ESET products as the Win32/Spy.Banker family.
Peru and Mexico also have significant communities engaged in the development of crimeware. Generally, web applications designed for the control and management of botnets are often developed in Russia. However, this area too is receiving increasing attention in Latin American countries: consider, for example, the 2009 SAPZ (Sistema de Administración de PCs Zombi – zombie PCs management system), and this year's Mexican botnet "Mariachi", discovered by our analysis and research laboratory here in Latin America.
China is well known for its targeted attacks. However, according to Spamhaus, China is also the second most prolific sender of spam. Chinese attackers also do a flourishing trade in Distributed Denial of Service (DDoS) attacks. Many security incidents gaining lots of attention from the media globally are associated with Operation Aurora, including attacks against human rights activists in China, Google and other major Western companies.
Russia is a well-known workshop for crimeware resources, and stands out mainly as a source of more developer-oriented resources to augment the crimeware black economy. A significant proportion of such resources as the ZeuS malware and exploit packs like Liberty, heavily exploited by criminals, were originally developed in Russia.
A wide range of frauds, among many other illicit activities, also originate in Russia: while these may be propagated from Russian domains, they are also seen in other regions such as Iran, China and Ukraine.
Ultimately, criminal industry and professionalization is growing by the day, impacting upon security and safety worldwide, feeding the clandestine economy in return, and generating criminal activity that leverages the Internet as a channel for infrastructural attack. In consequence, no matter where in the world we find ourselves, it is enough simply to be connected to the Internet to become a potential source of profit to cybercriminals.
Inevitably, we need to stay informed, alert and proactive, encouraging good security practices to lessen our exposure to attack.
Thanks for letting us share that information, Jorge.
David Harley CITP FBCS CISSP
ESET Research Fellow